FaceFlow Users and Team Management

Role-based governance for PageFace editors, admins, and business teams, built on native PageFace permissions and extended with FaceFlow feature access and section-level content controls.

Overview

FaceFlow does not replace the PageFace security model. It extends native user and role management with:

• FaceFlow feature permissions
• section-level page access rules
• safer defaults for sensitive roles
• operational APIs for users, roles, permissions, and access matrices

This gives teams a controlled way to delegate content operations without exposing the full PageFace administration surface.

What Can Be Managed

The users interface supports:

• user CRUD
• role CRUD
• feature permission assignment
• page template access matrix management
• section access rules for FaceFlow pages

These functions are provided through the PageFace access management layer and related FaceFlow routes.

FaceFlow Feature Permissions

FaceFlow exposes a managed whitelist of business permissions, including:

• page-edit
• page-view
• user-admin
• auto-links
• faceflow-variable
• faceflow-component
• faceflow-layout
• faceflow-review
• faceflow-marketplace
• form-builder

This allows teams to grant narrow operational capability without handing out blanket admin access.

Section Access

Section access is stored in a dedicated policy configuration and applies additional control to FaceFlow-managed pages.

This means an editor can be allowed to work only inside:

• a country section
• a brand section
• a campaign subtree
• a business unit branch

Inheritance walks the ancestor chain, so branch-level governance scales cleanly.

Built-in Safeguards

The user management layer protects key system identities:

• superuser accounts and roles are hidden from unsafe editing flows
• guest role and user are effectively read-only
• users cannot delete themselves
• the current admin cannot remove their own last user-admin capability

These safeguards reduce the risk of locking a team out of a PageFace site application.

Operational Recommendations

• assign feature permissions by business function, not by convenience
• use section access to partition ownership between teams
• keep user-admin tightly limited
• review template-level create/edit permissions alongside FaceFlow feature access

Related Documentation

• faceflow-page.md
• faceflow-auto-links.md